Phishing Campaign Targets HMRC To Steal Login And Payment Data

Share It On:

Phishing is the fraudulent attempt to acquire sensitive information such as usernames, password and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in electronic communication.

Email phishing is a traditional hacking method but still a very lucrative option for many cyber criminals. This time HMRC has been targeted through an email phishing campaign with the aim to steal users’ logins and payment card details.

New HMRC Email Phishing Tricks Users for Tax Refunds

Studies done by Malwarebytes Labs have exposed an old phishing trick being exploited in the wild once again.  The attacker employed HMRC email phishing attack to steal sign in details of emails and payment data of the users.

 The attackers are pulling users by offering tax refunds. To notify and to put some pressure on the recipients, they set deadlines in their emails for the users to claim said returns. The emails claim to be sent from the UKGOV tax office. This email provides a refund of GBP 542.94 to be sent directly into the customers’ accounts.

 How Does It Work

Since only the researchers at Malwarebytes Labs received such an email, they explained about this new HMRC phishing attack in detail. Reportedly, the scam begins by asking the recipient to click on a given link to the “gateway portal.” Upon clicking the link, the user reaches a new page that appears like Microsoft Outlook. Here, the user will supposedly enter their email and password to the login portal. From this point, the attackers gain access to the email login credentials.

Expect Malawarebytes labs no received such an email; in detail, they informed and explained about the new HMRC phishing attack.  As per the reports, the scam starts by asking the recipient to click on the given link on the “gateway portal.” Once the connection is clicked, there will appear a new page that looks like Microsoft Outlook. Here, the users will supposedly sign in their email and passwords to a login portal.  From this point, the attacker’s gains access to the email login credentials.

After that, the user reaches a fake HMRC portal that displays a form. A tricked user would unknowingly begin entering all the details as asked, thus falling prey to the hackers. The details asked at this stage include users’ name, contact address, contact number, date of birth, mother’s maiden name (a common secret question for most accounts), and card details.

After that, the users get to a fake HMRC portal that showcases a form. In that form users have to enter the details includes name, contact address, contact number, date of birth, mother’s maiden name ( a shared secret for most users), and card details.

 Phishing is so successful because most users tend to be more trusting when receiving emails. The attackers present tax refund a typical problem one would come across every few years.

To stay secure from such attacks, make sure you double check the sender’s address before opening emails, additionally avoid following direct links and log in to a website directly.


Share It On:

Recent Posts

Kataho’s Digital Addressing System Shines: Top 5 Finalists in ICT Social Innovation Award 2024

Kataho’s Digital Addressing System Shines: Top 5 Finalists in ICT

Share It On:29th November 2024, Kathmandu Kataho has been recognized as one of the Top 5 Finalists in the ICT

Xiaomi’s Smart Rice Cooker Nepal: App Control, 8-in-1 Functionality

Xiaomi’s Smart Rice Cooker Nepal: App Control, 8-in-1 Functionality

Share It On:28th November 2024, Kathmandu Xiaomi, the global technology leader, has launched the Xiaomi Smart Multifunctional Rice Cooker in

Ncell’s Innovative Approach: Cricket Powering Education in Nepal

Ncell’s Innovative Approach: Cricket Powering Education in Nepal

Share It On:28th November 2024, Kathmandu Ncell Foundation has announced an innovative partnership that combines the excitement of cricket with

realme Expands in Dang: Nepal Gets First Service Center

realme Expands in Dang: Nepal Gets First Service Center

Share It On:28th November 2024, Kathmandu realme, the most trusted technology brand, has inaugurated its 5th service center in Nepal,

Nammi EV Price Hike in Nepal: A Detailed Look at the New Costs

Nammi EV Price Hike in Nepal: A Detailed Look at

Share It On:28th November 2024, Kathmandu Nammi, the big hatch with five-star luxury, debuted the international launch of the right-hand-

NMB Bank’s Commitment to Cybersecurity: A Focus on Manager Training

NMB Bank’s Commitment to Cybersecurity: A Focus on Manager Training

Share It On:28th November 2024, Kathmandu The NMB Bank organized a special training session for its managers to strengthen their